Filed under: Developer, Internet, Security, Windows, Blogging, Web services, Commercial
FeedDemon developer wants to help other aggregator developers with security
by Jason Clarke Aug 29th 2006
Nick Bradbury is a good guy. You can get an idea of this by searching on his name in Technorati, and seeing what other bloggers have to say about him. The reason I bring this up is that I was blown away by the way in which Nick tackled the recent revelation that there is a security vulnerability in almost all current RSS aggregators that could allow a nefarious publisher to get a script to run on the reader's computer. Nick is the developer behind the absolutely excellent FeedDemon feed reader, which NewsGator purchased about a year ago. In Nick's case, due to the manner in which he uses Internet Explorer's rendering engine in "Internet Zone" mode, the exploit doesn't work on FeedDemon. That fact notwithstanding, Nick dove into the problem and came up with a fix to eliminate the vulnerability altogether. The new version of FeedDemon, 2.0.0.25, is available as of today, and includes a substantial performance enhancement. All that is well and good, and for those of us that own a copy of FeedDemon the new version is a very worthwhile upgrade. But that's not what this story is about.
After figuring out the problem and a solution for it, Nick decided to share his knowledge with the RSS community, and is offering to help any other feed aggregator developers (in other words, his competition) to ensure that their applications are not vulnerable either. That's pretty cool.
After spending the better part of an hour on 
Reader Comments (Page 1 of 1)
Qwfwq said 1:09PM on 8-29-2006
That's very commendable of Nick Bradbury. FeedDemon has been praised as the best RSS reader for Windows but "unfortunately" it's not free. All the better that he has offered his help to other developers so that this vulnerability can also be eliminated in the free aggregators.
Reply